Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet

Taipei, Taiwan March 25-March 30

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/AINA.2005.240

19th International Conference on Adva ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jianhua Yang Articles by Shou-Hsuan Stephen Huang

	ASCII Text	x
	Jianhua Yang, Shou-Hsuan Stephen Huang, "Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet," Advanced Information Networking and Applications, International Conference on, vol. 1, pp. 1005-1010, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers), 2005.

	BibTex	x
	@article{ 10.1109/AINA.2005.240, author = {Jianhua Yang and Shou-Hsuan Stephen Huang}, title = {Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {1}, year = {2005}, issn = {1550-445X}, pages = {1005-1010}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2005.240}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet SN - 1550-445X SP1005 EP1010 A1 - Jianhua Yang, A1 - Shou-Hsuan Stephen Huang, PY - 2005 KW - null VL - 1 JA - Advanced Information Networking and Applications, International Conference on ER -

Jianhua Yang, University of Houston

Shou-Hsuan Stephen Huang, University of Houston

Network attackers usually launch their attacks behind a long connection chain. One way to stop such attacks is to prevent the attackers from using computers as "stepping-stones" for their attacks. A "Step-Function" method has been proposed to detect the length of a connection chain from a host to the victim machine. The algorithm is based on the changes in packet round trip times. Due to many network protocol issues, it is impossible to match all such packets correctly. We propose two algorithms to match TCP packet in real-time. The first algorithm matched fewer packets but the matching is correct. The second one matches more packets with some uncertainty on the correctness. The two algorithms gave us almost identical results in determining the length of a connection chain. The algorithm give us a way to stop stepping-stone intrusion on the Internet in real-time.

Citation:

Jianhua Yang, Shou-Hsuan Stephen Huang, "Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet," aina, vol. 1, pp.1005-1010, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.